I've just been reading up on the ARP protocol and from what I understand, the source and destination IPs are never verified in any manner. Consider a scenario like this:

1. I write a program that sends spoofed ARP packets to the universal broadcast address (255.255.255.255) or perhaps even a particular range such as 124.255.255.255.

2. The program sends packets that say, "Who has <some IP>? Tell <target IP>" to a whole IP range (like a whole country or something).

3. Those computers that the packets reach reply in good faith to <target IP>, thus tying up all its bandwidth and DoSing it.

4. The best part of an attack like this is that it'd be close to impossible to trace the origins, because the real source IP is not part of the packet. A clever hacker could even change the MAC address in the packet, thus making it even more difficult to trace him.

Has this been done before or am I missing something? Is it even possible to do something like this?

Cheers,
cgkanchi
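
A defender-side check for the request pattern described in the post above, as an added example that is not part of the original post: it parses raw Ethernet/ARP frames and flags bursts of requests naming one "tell" address, sender MACs that disagree with the frame header, and one IP claimed by several MACs. The frames, the 192.0.2.x addresses, the burst threshold and all function names are constructed for illustration.

```python
import struct
from collections import defaultdict

OP_REQUEST = 1  # ARP opcode for "who has X? tell Y"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Parse an Ethernet/IPv4 ARP frame; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # ethertype 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(frame[6:12]), "oper": oper,
            "sha": mac(sha), "spa": ip(spa), "tpa": ip(tpa)}

def analyse(frames, burst=3):
    """Return a set of (finding, 'tell' IP) pairs for the ARP requests seen."""
    count, macs, findings = defaultdict(int), defaultdict(set), set()
    for pkt in filter(None, map(parse_arp, frames)):
        if pkt["oper"] != OP_REQUEST:
            continue
        count[pkt["spa"]] += 1
        macs[pkt["spa"]].add(pkt["sha"])
        if pkt["eth_src"] != pkt["sha"]:   # ARP body disagrees with frame header
            findings.add(("mac_mismatch", pkt["spa"]))
    for spa in count:
        if count[spa] >= burst:            # many requests saying "tell <spa>"
            findings.add(("request_burst", spa))
        if len(macs[spa]) > 1:             # one IP claimed by several MACs
            findings.add(("ip_claimed_by_many_macs", spa))
    return findings

def sample_frame(eth_src, sha, spa, tpa):
    """Constructed in-memory test frame (hypothetical helper, sends nothing)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    a = lambda s: bytes(int(p) for p in s.split("."))
    return (b"\xff" * 6 + m(eth_src) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, OP_REQUEST)
            + m(sha) + a(spa) + b"\x00" * 6 + a(tpa))

# Constructed capture: one ordinary request, then three naming 192.0.2.50.
SAMPLE = [sample_frame("02:00:00:00:00:0a", "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.1")] + [
    sample_frame("02:00:00:00:00:99", f"02:00:00:00:00:0{i}", "192.0.2.50", f"192.0.2.10{i}")
    for i in (1, 2, 3)]
```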